ungleich-public
/
ungleich-certbot
6
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Docker container providing nginx/letsencrypt support
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11 Commits
1 Branch
12 Tags
438 KiB
 
 
Tree: e9efb22c3e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e9efb22c3e'
${ noResults }
ungleich-certbot/entrypoint.sh

77 lines
2.0 KiB
Raw Blame History

#!/bin/sh
if [ -z "$DOMAIN" -o -z "$EMAIL" ]; then
echo Missing DOMAIN or EMAIL parameter - aborting. >&2
exit 1
fi
# Check that the domain exists, if not wait for it
ipv6_addr=""
ipv4_addr=""
while [ -z "$ipv6_addr" -a -z "$ipv4_addr" ]; do
echo "Trying to resolve $DOMAIN via DNS ..."
# Resolve for IPv6 and for IPv6
ipv6_addr=$(dig +short "$DOMAIN" aaaa)
ipv4_addr=$(dig +short "$DOMAIN" a)
if [ "$ipv6_addr" -o "$ipv4_addr" ]; then
echo "Resolved domain $DOMAIN: ipv6: $ipv6_addr ipv4: $ipv4_addr"
else
echo "Resolving $DOMAIN failed, waiting 5 seconds before retrying ..."
sleep 5
fi
done
if [ "$STAGING" = no ]; then
STAGING=""
else
STAGING="--staging"
fi
# Skip getting certs if requested
if [ -z "$ONLYRENEWCERTS" -a -z "$ONLYRENEWCERTSONCE" ]; then
# Try to get a certificate, accept failures
while [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; do
certbot certonly --agree-tos --cert-name "${DOMAIN}" \
--email "$EMAIL" --expand --non-interactive \
--domain "$DOMAIN" --standalone $STAGING
sleep 30
# Correct permissions for multi user container/pod deployments
# if not indicated otherwise
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
find /etc/letsencrypt -type d -exec chmod 0755 {} \;
find /etc/letsencrypt -type f -exec chmod 0644 {} \;
fi
done
fi
if [ "$ONLYGETCERT" ]; then
exit 0
fi
# Still there? Start nginx if requested
if [ "$NGINX" ]; then
nginx
fi
# Try to renew once per day
while true; do
/usr/bin/certbot renew
# And again, correct permissions if not told otherwise
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
find /etc/letsencrypt -type d -exec chmod 0755 {} \;
find /etc/letsencrypt -type f -exec chmod 0644 {} \;
fi
[ "$ONLYRENEWCERTSONCE" ] && exit 0
# reload nginx if we are running it
[ "$NGINX" ] && pkill -1 nginx
sleep 86400
done